The New York Electronic Data Interchange (“EDI”) Working Group, an ad hoc working group consisting of personnel from Utilities, Energy Service Companies and EDI Service Providers pursuing development of EDI Standards, submitted to the New York PSC a report on EDI standards development proposing changes to various EDI Standards Implementation Guides, Data Dictionaries, Business Process Documents and Technical Operating Profile Supplements

The instant filing (“November 2018 Report”) includes modifications addressing limited cyber security concerns pertaining to the Electronic Delivery Mechanism (“EDM”) used to transport EDI transactions via the public internet, Department of Public Service (“DPS”) Staff requested changes to the Phase I testing application, standardization of gray box notes to provide clarity and consistency in the 814C and 814HU Implementation Guides and incorporation of updates addressing April 2018 Report errata.

The most substantive changes are to the Technical Operating Profile Standards to upgrade3 New York’s standard EDM from GISB EDM 1.4 to GISB EDM 1.6 matching the EDM standard employed by most other states that utilize EDI transactions to support customer choice/retail access programs, i.e. to implement what the relevant industry considers to be the best practice. In addition to this change, the November 2018 Report revises the Technical Operating Profile Standards to:

• Require a 1024-bit PGP encryption key.

• Recommend the practice of utilizing different PGP keys for production and test environments.

• Recommend that periodic testing associated with utility-initiated changes to PGP keys be process in batches.

• Update references to the underlying EDM standards documents supported by the North American Energy Standards Board (“NAESB”).

• Update the recommendations for alternative secure medium recommendations to be used during prolonged EDI outages to reflect technological changes.

• Reflect other changes to reflect experience since New York’s initial implementation of the EDI and to address miscellaneous errata.

The EDI Working Group discussed additional upgrades but chose instead to defer decisions in deference to anticipated recommendations of a soon to be established New York Cyber Security Working Group. Specifically, the following items are deferred:

• Further updates New York’s standard EDM, i.e. mandated implementation of a higher version that GISB EDM 1.6.

• Whether or not to require and/or support longer PGP encryption keys, e.g. 2048-bit or 4096-bit.

• Further recommendations for alternative secure medium recommendations to be used during prolonged EDI outages to reflect technological changes.

See the working group report here (filed 11/30/18)